Need help to ensure our Wildfly 10 server (installed on Ubuntu 16.04.1 LTS) supports only TLS v1.2 and above.
How can we check which SSL/TLS protocol versions the server currently accepts?
We have enabled https in our server by editing standalone.xml
<!-- Security realms from standalone.xml as posted: ManagementRealm for the management interfaces and
     ApplicationRealm, which also carries the server's SSL identity (keystore). -->
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<!-- NOTE(review): the keystore password and key password are literal values in this file, so anyone who can
     read standalone.xml can unlock the server's private key. Restrict read access to the configuration
     directory; the WildFly password vault can presumably keep the literal out of this file (confirm for
     this version). Nothing in this element restricts which TLS protocol versions are offered. -->
<keystore path="server.keystore" relative-to="jboss.server.config.dir" keystore-password="serverpassword" alias="server" key-password="serverpassword"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
</authorization>
</security-realm>
</security-realms>
<!-- Security subsystem: declares the security domains (login and policy module stacks) available to
     deployments. Nothing in this subsystem configures TLS protocol versions. -->
<subsystem xmlns="urn:jboss:domain:security:1.2">
<security-domains>
<!-- "other": Remoting is tried first (optional), RealmDirect is required; both share the first password seen. -->
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="jboss-web-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<security-domain name="jboss-ejb-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<!-- NOTE(review): this domain uses login and auth modules named Dummy; it looks like a sample entry.
     If no deployment references it, removing it reduces the configured surface (confirm first). -->
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional"/>
</login-module-stack>
<auth-module code="Dummy"/>
</authentication-jaspi>
</security-domain>
</security-domains>
</subsystem>
<!-- Undertow (web server) subsystem as posted in the question; the listing stops before the subsystem closes. -->
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
<buffer-cache name="default"/>
<server name="default-server">
<!-- Plain HTTP listener; redirect-socket names the https socket binding. -->
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
<!-- HTTPS listener using the SSL identity of ApplicationRealm. No enabled-protocols or
     enabled-cipher-suites attribute is set here, so protocol and cipher selection is left to the
     defaults (presumably those of the JVM; confirm). -->
<https-listener name="httpsServer" security-realm="ApplicationRealm" socket-binding="https"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<!-- NOTE(review): these two filters presumably add Server and X-Powered-By response headers, which
     disclose the server product; their definitions are not shown here, so confirm before removing. -->
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
Edit the https-listener element in standalone.xml as shown below, then restart the WildFly server.
<!-- enabled-protocols limits this listener to TLS 1.2. NOTE(review): the setting covers this Undertow
     HTTPS listener only; the management interface and any other listeners are configured separately.
     Cipher suites stay at their defaults unless enabled-cipher-suites is set as well, and the value
     needs extending later if newer TLS versions should also be accepted. -->
<https-listener name="httpsServer" security-realm="ApplicationRealm" socket-binding="https" enabled-protocols="TLSv1.2"/>
Verify the change by running TestSSLServer (from the link) against the HTTPS port:
TestSSLServer4.exe localhost 8443
I am having an issue when passing a 2048-bit encrypted string (a very long set of characters) in the query string: I keep getting a Bad Request response.
I tried the following
requestlimits in web.config - doesnt work
configure Kestrel options - MaxRequestLineSize - it works only if the application is started as exe but does not work when launched with IISExpress or IIS - both out of process and in process.
Configure in startup - MaxRequestBodySize
Following is my web.config as requested
<?xml version="1.0" encoding="utf-8"?>
<!-- web.config of an ASP.NET Core application hosted through AspNetCoreModuleV2, as posted in the question. -->
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<security>
<requestFiltering >
<!-- NOTE(review): all three limits are raised to 2147483647, which in practice switches off the size
     checks of IIS request filtering for everything under this location. These limits are a
     denial-of-service control: raise only the one that is too small, to a value just above the largest
     request expected. Long encrypted values are also better carried in the request body or a header
     than in the query string, which is commonly written to server and proxy logs. -->
<requestLimits maxAllowedContentLength="2147483647" maxUrl="2147483647" maxQueryString="2147483647" />
</requestFiltering>
</security>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\ACServicesIntegrationAPI.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" />
</system.webServer>
</location>
<!-- NOTE(review): system.web/httpRuntime configures the classic ASP.NET (System.Web) pipeline; an
     application hosted through AspNetCoreModuleV2 presumably does not read it (confirm). -->
<system.web>
<httpRuntime maxUrlLength="40960" maxQueryStringLength="2097151" maxRequestLength="40960" />
</system.web>
</configuration>
tried this as well
// Generic-host setup from the question: registers Startup and raises Kestrel's request-line limit.
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
// NOTE(review): this limit belongs to Kestrel only. With IIS in-process hosting the request is
// presumably not served by Kestrel at all, and with out-of-process hosting IIS/HTTP.sys apply their
// own limits before the request is forwarded; that would match the behaviour described in the
// question (confirm against the HTTP error log on the server).
webBuilder.ConfigureKestrel((context, options) =>
{
// Maximum size of the request line, which includes the URL and its query string.
options.Limits.MaxRequestLineSize = 32768;
});
});
Any ideas/solution?
I have an ASP.NET/C# application that uses Windows authentication. I'm trying to control permissions based on which AD groups users belong to, but I can't seem to get it to work through the web.config.
I also added some code in the code behind and it's even acting strange:
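// Role check through the Roles API (the configured role provider). The group name is passed without a
// domain prefix; the question reports that this branch is not taken.
if (Roles.IsUserInRole("STP Admin"))
{
int j = 1; // presumably just a place to set a breakpoint
}
// Role check against the current principal, using the DOMAIN\group form. The verbatim-string prefix (@)
// is required so that the backslash is not read as an escape sequence.
if (User.IsInRole(@"DOMAINNAME\STP Admin"))
{
int i = 1; // presumably just a place to set a breakpoint
}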
the first if block does not work however the second one does. So I believe this tells me the application can/is communicating with AD.
Here is my web.config that is where I'd like the code to go and it is not working for granting permissions. It will deny me access to the paths even though I am in those groups, proven by code above.
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<configSections>
<section name="loggingConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.LoggingSettings, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</configSections>
<loggingConfiguration name="Logging Application Block" tracingEnabled="true" defaultCategory="General" logWarningsWhenNoCategoriesMatch="true">
<listeners>
<add databaseInstanceName="STPDB" writeLogStoredProcName="WriteAuditLog" addCategoryStoredProcName="AddAuditCategory" formatter="Custom Audit Database Formatter" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Database.Configuration.FormattedDatabaseTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging.Database, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.Database.FormattedDatabaseTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging.Database, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Database Trace Listener"/>
<add source="Enterprise Library Logging" formatter="Text Formatter" log="Application" machineName="" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.FormattedEventLogTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.FormattedEventLogTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Formatted EventLog TraceListener"/>
</listeners>
<formatters>
<add template="{dictionary({key} - {value})}" type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Custom Audit Database Formatter"/>
<add template="Timestamp: {timestamp}
Message: {message}
Category: {category}
Priority: {priority}
EventId: {eventid}
Severity: {severity}
Title:{title}
Machine: {machine}
Application Domain: {appDomain}
Process Id: {processId}
Process Name: {processName}
Win32 Thread Id: {win32ThreadId}
Thread Name: {threadName}
Extended Properties: {dictionary({key} - {value}
)}" type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Text Formatter"/>
</formatters>
<categorySources>
<add switchValue="All" name="Audit">
<listeners>
<add name="Database Trace Listener"/>
</listeners>
</add>
<add switchValue="All" name="General">
<listeners>
<add name="Formatted EventLog TraceListener"/>
</listeners>
</add>
</categorySources>
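<!-- Special log sources of the Logging Application Block: every source below is switched to All, and the
     unprocessed-category and logging-error sources write to the event-log listener. -->
<specialSources>
<allEvents switchValue="All" name="All Events"/>
<notProcessed switchValue="All" name="Unprocessed Category">
<listeners>
<add name="Formatted EventLog TraceListener"/>
</listeners>
</notProcessed>
<!-- The ampersand in the name is written as an entity; a bare one inside an attribute value makes the
     file ill-formed XML and the configuration fails to load. -->
<errors switchValue="All" name="Logging Errors &amp; Warnings">
<listeners>
<add name="Formatted EventLog TraceListener"/>
</listeners>
</errors>
</specialSources>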
</loggingConfiguration>
<!-- NOTE(review): SQL authentication with the user id and password written in clear text
     (Integrated Security=False). Anyone with read access to web.config, backups or source control gets
     database access. Prefer integrated security for the application identity, or encrypt this section
     with ASP.NET protected configuration. -->
<connectionStrings>
<add name="STPDB" connectionString="Data Source=server\;Initial Catalog=DB;user id=usr;pwd=pass;Integrated Security=False" providerName="System.Data.SqlClient"/>
</connectionStrings>
<appSettings>
<add key="FromEmailAddress" value="stp1#company.com"/>
<add key="TrainingWarning" value="*Note: Training not being recorded for Medical, ..."/>
<add key="PrivacyMessage" value="This Information System Is Subject To The Privacy Act Of 1974"/>
</appSettings>
<!-- Application-wide ASP.NET settings: Windows authentication, root URL authorization rules,
     impersonation and the membership/role/siteMap/profile providers. -->
<system.web>
<!-- NOTE(review): debug compilation is enabled; set debug="false" for deployed builds. -->
<compilation debug="true" targetFramework="4.0" />
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
</securityPolicy>
<authentication mode="Windows"/>
<!-- URL authorization rules are evaluated top to bottom and the first matching rule wins. As written:
     anonymous users are denied, members of the three DOMAIN\STP groups are allowed, and the final
     allow users="*" admits every other authenticated user, so the role rules restrict nothing at
     this level. -->
<authorization>
<deny users="?"/>
<allow roles="DOMAIN\STP Training"/>
<allow roles="DOMAIN\STP Personnel"/>
<allow roles="DOMAIN\STP Admin"/>
<allow users="*"/>
</authorization>
<!-- Requests run under the authenticated caller's Windows identity. -->
<identity impersonate="true"/>
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
<providers>
<clear/>
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</membership>
<!-- NOTE(review): defaultProvider names AspNetWindowsTokenRoleProvider, but the only provider added in
     this file is called WindowsProvider; the default presumably comes from machine-level configuration
     (confirm). A Windows token role provider is normally queried with DOMAIN\group names, which may be
     why Roles.IsUserInRole with a bare group name returns false. -->
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
<providers>
<add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
</providers>
</roleManager>
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
<providers>
<add name="XmlSiteMapProvider" type="System.Web.XmlSiteMapProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true"/>
</providers>
</siteMap>
<!-- NOTE(review): connectionStringName refers to ApplicationServices, but the connectionStrings section
     in this file defines only STPDB; confirm where that name is defined. -->
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
-->
<customErrors mode="RemoteOnly" redirectMode="ResponseRewrite" defaultRedirect="~/ErrorPage.aspx">
</customErrors>
</system.web>
<!-- Per-folder authorization. Rules are evaluated in order and the first match wins, so every allow must
     appear above deny users="*".
     NOTE(review): the role names below are bare group names, whereas the root rules use the DOMAIN\group
     form. The path values also begin with a backslash; ASP.NET expects a relative virtual path such as
     TrainingSec (confirm how these paths are resolved on this server). -->
<location path="\TrainingSec">
<system.web>
<authorization>
<allow roles="STP Training"/>
<allow roles="STP Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="\Manage">
<system.web>
<authorization>
<allow roles="STP Training"/>
<deny users="*"/>
<!-- NOTE(review): this rule follows deny users="*" and is therefore never reached; move it above the
     deny if members of Sentry Admin are meant to have access. -->
<allow roles="Sentry Admin"/>
</authorization>
</system.web>
</location>
<location path="\Admin">
<system.web>
<authorization>
<allow roles="STP Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<system.net>
<mailSettings>
<smtp deliveryMethod="Network" from="STP#Company.com">
<network defaultCredentials="false" host="11.111.11.11" port="25"/>
</smtp>
</mailSettings>
</system.net>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<defaultDocument>
<files>
<clear />
<add value="Dashboard.aspx"/>
</files>
</defaultDocument>
</system.webServer>
</configuration>
You seem to have forgotten the domain part :
<!-- Corrected section: role names carry the DOMAIN\ prefix, and both allow rules stay above
     deny users="*" because the first matching rule wins. The other location sections in the question
     need the same prefix.
     NOTE(review): the path still begins with a backslash; ASP.NET expects a relative virtual path such
     as TrainingSec (confirm). -->
<location path="\TrainingSec">
<system.web>
<authorization>
<allow roles="DOMAIN\STP Training"/>
<allow roles="DOMAIN\STP Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
I am building a WCF service that speaks to an existing application, and this application requires access to ASP.NET sessions - the ability to see sessions is a requirement I cannot get around.
I built the WCF project - and have the following setting in App.config:
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
I also included an interface and an implementation of the service in the file. In front of the implementation I have:
// NOTE: You can use the "Rename" command on the "Refactor" menu to change the class name "Service1" in both code and config file together.
[AspNetCompatibilityRequirements(RequirementsMode =
AspNetCompatibilityRequirementsMode.Required)]
public class SearchService : ISearchServiceInterface
{
This is a REST service, so my interface starts like:
// NOTE: You can use the "Rename" command on the "Refactor" menu to change the interface name "IService1" in both code and config file together.
[ServiceContract]
public interface ISearchServiceInterface
{
[OperationContract]
[WebInvoke(BodyStyle = WebMessageBodyStyle.Bare, ResponseFormat = WebMessageFormat.Json)]
string LoginToWebService_POST(Altec.Framework.Authorization auth);
[OperationContract]
[WebInvoke(BodyStyle = WebMessageBodyStyle.Bare, ResponseFormat = WebMessageFormat.Json)]
string GetTopLevelFolderName_POST();
The service itself is hosted in another web application - in a SearchService.svc file which has this:
<%#ServiceHost language=c# Debug="true" Service="Altec.UI.Web.SearchService.SearchService" %>
and I added this to the web.config of the hosting application:
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
I believe I did all the right steps - and yet when I try to run the web application I get this error:
"
System.InvalidOperationException: This service requires ASP.NET
compatibility and must be hosted in IIS. Either host the service in
IIS with ASP.NET compatibility turned on in web.config or set the
AspNetCompatibilityRequirementsAttribute.AspNetCompatibilityRequirementsMode
property to a value other than Required. at
System.ServiceModel.Activation.AspNetEnvironment.ValidateCompatibilityRequirements(AspNetCompatibilityRequirementsMode
compatibilityMode) at
System.ServiceModel.Activation.AspNetCompatibilityRequirementsAttribute.System.ServiceModel.Description.IServiceBehavior.Validate(ServiceDescription
description, ServiceHostBase serviceHostBase) at
System.ServiceModel.Description.DispatcherBuilder.ValidateDescription(ServiceDescription
description, ServiceHostBase serviceHost) at
System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription
description, ServiceHostBase serviceHost) at
System.ServiceModel.ServiceHostBase.InitializeRuntime() at
System.ServiceModel.ServiceHostBase.OnBeginOpen() at
System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) at
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
timeout) at System.ServiceModel.Channels.CommunicationObject.Open()
at Microsoft.Tools.SvcHost.ServiceHostHelper.OpenService(ServiceInfo
info)"
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<appSettings>
<!-- database connection details -->
</appSettings>
<!-- ASP.NET settings of the hosting web application. -->
<system.web>
<!-- NOTE(review): mode="Off" returns full error pages, including stack traces, to remote clients.
     Use RemoteOnly or On outside a development machine. -->
<customErrors mode="Off"/>
<!-- NOTE(review): debug compilation is enabled; set debug="false" for deployed builds. -->
<compilation debug="true">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<pages>
<controls>
<add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit"/>
</controls>
</pages>
</system.web>
<system.web.extensions>
<scripting>
<webServices>
<jsonSerialization maxJsonLength="1048576"/>
</webServices>
</scripting>
</system.web.extensions>
<location path="Scripts">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Content">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="jQuery-UI-layout.css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<!-- When deploying the service library project, the content of the config file must be added to the host's
app.config file. System.Configuration does not support config files for libraries. -->
<!-- WCF configuration: ASP.NET compatibility mode, one wsHttpBinding definition, a client endpoint and the
     SearchService with REST, metadata (mex) and WS endpoints. -->
<system.serviceModel>
<!-- Required by services marked AspNetCompatibilityRequirementsMode.Required; it takes effect only in
     the configuration file of the IIS-hosted application. -->
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_ISearchServiceInterface" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
<!-- Message-level security with Windows credentials. -->
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
<message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://vmwarren27dev.altec-wa.com/Altec.UI.Web.Portal/SearchService.svc/WCPService" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ISearchServiceInterface" contract="SearchService.ISearchServiceInterface" name="WSHttpBinding_ISearchServiceInterface">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
</client>
<services>
<service name="Altec.UI.Web.SearchService.SearchService">
<!-- NOTE(review): this webHttpBinding endpoint has no bindingConfiguration, so it runs with the
     binding's defaults (presumably no transport security). The contract shown in the question exposes
     LoginToWebService_POST, so credentials would cross the network over plain HTTP unless the site
     enforces HTTPS (confirm). -->
<endpoint address="RESTService" binding="webHttpBinding" behaviorConfiguration="json" contract="Altec.UI.Web.SearchService.ISearchServiceInterface">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<!-- Metadata exchange endpoint; the comment in the behaviors section says to remove it before deployment. -->
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<endpoint address="WCPService" binding="wsHttpBinding" contract="Altec.UI.Web.SearchService.ISearchServiceInterface">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<!-- NOTE(review): this behavior has no name, so it applies to every service configured here. Metadata
     publishing and exception detail are both enabled at present. -->
<behavior>
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="True"/>
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="True"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="json">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
</startup>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="AjaxControlToolkit" publicKeyToken="28f01b0e84b6d53e" culture="neutral"/>
<bindingRedirect oldVersion="0.0.0.0-4.1.51116.0" newVersion="4.1.51116.0"/>
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
You mentioned App.config - it sounds like your service is a WCF Service Library, that you're hosting under IIS. If that's the case, you need to copy the WCF configuration section from the App.config to the Web.config of the IIS application that is hosting your service.
Libraries don't use config files - they use the config file of the calling application.
I want to use forms authentication in ASP.NET. The users are stored in my project's database, in the "users" table of the "news" database. My code is below, but it doesn't work (users can't log in).
My web.config file:
<!-- web.config from the question: forms authentication with a SQL membership provider; only karbar.aspx
     is closed to anonymous users. -->
<configuration>
<system.web>
<authentication mode="Forms">
<!-- NOTE(review): timeout is given in minutes, so the authentication ticket expires after one minute.
     No requireSSL attribute is set, so the authentication cookie may be sent over plain HTTP. There is
     no credentials child element either, and that element is what FormsAuthentication.Authenticate
     validates against. -->
<forms loginUrl="default.aspx" name=".asp" path="/" timeout="1" >
</forms>
</authentication>
<!-- Everything is open by default; the location element at the bottom protects karbar.aspx. -->
<authorization>
<allow users="*"/>
</authorization>
<!-- NOTE(review): debug compilation is enabled; set debug="false" for deployed builds. -->
<compilation debug="true" targetFramework="4.0"/>
<!-- NOTE(review): no defaultProvider is set on membership, and clear removes the inherited providers;
     confirm that the Membership API actually resolves to MySqlMembershipProvider. -->
<membership>
<providers>
<clear/>
<add name="MySqlMembershipProvider"
connectionStringName="news"
applicationName="users"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</membership>
</system.web>
<appSettings/>
<!-- NOTE(review): "Data Source=" appears twice at the start of the connection string, which looks like
     a paste error. The database file is attached from a user's Desktop folder. -->
<connectionStrings>
<add name="news" connectionString="Data Source=Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\ava\Desktop\WebSite3\App_Data\news.mdf;Integrated Security=True;User Instance=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
<location path="karbar.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>
and my codes in default.aspx form for login is:
> // Login button handler from the question.
> protected void Button1_Click(object sender, EventArgs e) {
> // NOTE(review): Authenticate validates against the credentials stored in the forms element of
> // web.config, not against the membership provider or the users table.
> if (FormsAuthentication.Authenticate(user.Text, pass.Text))
> {
> // The second argument (true) requests a persistent cookie.
> FormsAuthentication.SetAuthCookie(user.Text, true);
> // NOTE(review): the first argument is the user name written into the authentication ticket;
> // passing pass.Text puts the password there. user.Text is presumably intended.
> FormsAuthentication.RedirectFromLoginPage(pass.Text, true);
> }
> else
> user.Text = ":((((((("; }
Update your configuration file this way:
<!-- Membership provider bound to the connection string named ConnectionString.
     NOTE(review): membership sets no defaultProvider, and clear removes the inherited providers;
     confirm that Membership.ValidateUser resolves to MySqlMembershipProvider, otherwise add
     defaultProvider="MySqlMembershipProvider" to the membership element. -->
<membership>
<providers>
<clear/>
<add name="MySqlMembershipProvider"
connectionStringName="ConnectionString"
applicationName="users"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</membership>
</system.web>
<appSettings/>
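<!-- Connection string referenced by the membership provider's connectionStringName. The "Data Source="
     key is written once; a repeated key at the start makes the rest of it part of the server name. -->
<connectionStrings>
<add name="ConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\ava\Desktop\WebSite3\App_Data\news.mdf;Integrated Security=True;User Instance=True"
providerName="System.Data.SqlClient" />
</connectionStrings>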
Update
You also have a problem in your code; change it to:
// Validate through the configured membership provider instead of FormsAuthentication.Authenticate.
if (Membership.ValidateUser(user.Text, pass.Text))
{
// The second argument (true) requests a persistent cookie; pass false for a session-only cookie.
FormsAuthentication.SetAuthCookie(user.Text, true);
// The user name, not the password, is the first argument here.
FormsAuthentication.RedirectFromLoginPage(user.Text, true);
}
Update: Since you're using your own database no need for membership
<!-- Configuration without a membership section, for use with a hand-written credential check.
     NOTE(review): in this listing system.web is not closed before connectionStrings begins, and the
     closing tags at the end are missing; connectionStrings belongs directly under configuration.
     The forms timeout is still one minute and the connection string still starts with a doubled
     "Data Source=". -->
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="default.aspx" name=".asp" path="/" timeout="1" >
</forms>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
<compilation debug="true" targetFramework="4.0"/>
<connectionStrings>
<add name="news" connectionString="Data Source=Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\ava\Desktop\WebSite3\App_Data\news.mdf;Integrated Security=True;User Instance=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
<location path="karbar.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
So remove the <membership> tag altogether.
then in code behind read the user record from database put the result in datareader
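// Login button handler: looks the submitted name/password pair up in the users table and, on a match,
// issues the forms-authentication cookie and redirects to the originally requested page.
protected void Button1_Click(object sender, EventArgs e) {
    //assume you opened the db
    // NOTE(review): the query compares the submitted password with the stored column directly, which
    // implies passwords are kept in clear text. Store a salted password hash and compare hashes instead.
    bool found;
    using (SqlCommand cmd = new SqlCommand())
    {
        // T-SQL parameter markers start with '@'; the values are bound below and never concatenated
        // into the SQL text.
        cmd.CommandText = "select * from users where username=@name and password=@pass";
        cmd.Connection = conn;
        cmd.Parameters.AddWithValue("@name", user.Text);
        cmd.Parameters.AddWithValue("@pass", pass.Text);
        // Dispose the reader before redirecting so the connection is not left busy.
        using (SqlDataReader dr = cmd.ExecuteReader())
        {
            found = dr.HasRows;
        }
    }
    if (found)
    {
        // The second argument (true) requests a persistent cookie.
        FormsAuthentication.SetAuthCookie(user.Text, true);
        FormsAuthentication.RedirectFromLoginPage(user.Text, true);
    }
    else labelerror.Text = "Incorrect name or pass";
}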
Now use your table name and I'm hopeful you know what to do. Remember you've only one web form secured karbar.aspx.
Two things:
As others mentioned in comments, make sure the connection name is news, not in but in <connectionStrings> element.
Your database should have the set of special tables, views and stored procedures used by Forms Authentication, created by running aspnet_regsql.exe. These tables are administered internally by ASP.NET's authentication/membership/role providers.
In The Following Tag :
<forms loginUrl="default.aspx" name=".[CookieName]" path="/" timeout="1" >
Put The name of your cookie in the name property .
Also, change the second parameter in:
FormsAuthentication.RedirectFromLoginPage(pass.Text, true);
to
// false requests a non-persistent (session) cookie.
// NOTE(review): the first argument is the user name written into the authentication ticket; pass.Text
// puts the password there. user.Text is presumably intended, as in the ValidateUser answer above.
FormsAuthentication.RedirectFromLoginPage(pass.Text, false);
After changing my target framework from 3.5 to 4, I had the symptoms and followed the steps described in http://dotnetspidor.blogspot.com/2011/09/last-time-i-got-following-error-http.html
Now I get an error on one of my pages telling me that the ajax javascript representation for the page is undefined. does someone know what could be wrong?
Thanks!
Update: ok so it seems we're using an old version of ajax.net that isn't compatible with .net 4, so Ajax.Utility.RegisterTypeForAjax does nothing. I've been searching for an updated version of the control but can only find one called ajaxpro. while this seems to be a new renamed version of ajax.net it's in a different namespace and the project has thousands of references. I would really like to find the latest ajax.net component released but haven't been able to get it all day. could someone please point me in the right direction?
Update: maybe the problem lies in my web.config, so here it is
<?xml version="1.0"?>
<configuration>
<!-- NOTE(review): both entries use SQL authentication with the user id and password in clear text, and
     the password equals the user id. These values were posted publicly with the question, so the
     account should be treated as exposed and its password changed. Keep credentials out of web.config
     where possible (integrated security, or an encrypted connectionStrings section). -->
<connectionStrings>
<add name="sae_codelcoConnectionString" connectionString="server=192.168.4.142\sql2008r2;uid=sae_codelco;pwd=sae_codelco;database=testing_codelco" providerName="System.Data.SqlClient"/>
<add name="saeConnectionString" connectionString="server=192.168.4.142\sql2008r2;uid=sae_codelco;pwd=sae_codelco;database=testing_codelco" providerName="System.Data.SqlClient"/>
</connectionStrings>
<!-- Application-wide ASP.NET settings after the move to target framework 4.0. -->
<system.web>
<!-- NOTE(review): debug compilation is enabled; set debug="false" for deployed builds. -->
<compilation debug="true" defaultLanguage="vb" maxBatchGeneratedFileSize="3000" targetFramework="4.0">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<!-- NOTE(review): mode="Off" returns full error pages, including stack traces, to remote clients. -->
<customErrors mode="Off"/>
<authentication mode="Forms">
<!-- Ticket is encrypted and validated (protection="All") with a 30 minute timeout. No requireSSL
     attribute is set, so the cookie may be sent over plain HTTP. -->
<forms name="aspnet" path="/" loginUrl="logon.aspx" protection="All" timeout="30"/>
</authentication>
<!-- NOTE(review): executionTimeout is in seconds and maxRequestLength in kilobytes; values this large
     leave little protection against slow or oversized requests. -->
<httpRuntime executionTimeout="100000" maxRequestLength="1234567" useFullyQualifiedRedirectUrl="false" requestLengthDiskThreshold="1234567"/>
<!-- Anonymous users are denied by default; the location elements elsewhere in this file open individual pages. -->
<authorization>
<deny users="?"/>
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true"/>
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20"/>
<globalization culture="es-CL" uiCulture="es" requestEncoding="UTF-8" responseEncoding="UTF-8" fileEncoding="UTF-8"/>
<!-- Handler registration for the Ajax library discussed in the question. -->
<httpHandlers>
<add verb="POST,GET" path="ajax/*.ashx" type="Ajax.PageHandlerFactory, Ajax"/>
</httpHandlers>
<xhtmlConformance mode="Legacy"/>
<!-- NOTE(review): validateRequest="false" and enableEventValidation="false" switch off ASP.NET's
     built-in request validation and event validation for every page. With them off, the application
     itself has to validate input and encode output on each page. -->
<pages enableEventValidation="false" validateRequest="false" controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>
<location path="paginas/ordentrabajo/encuesta.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="paginas/ordentrabajo/encuesta_response_html.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="paginas/resp_remotas/tickets_abiertos.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="no_acceso.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="paginas/resp_remotas/cerrar_tickets.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="paginas/ticket/logon_tareas.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="paginas/ticket/tarea_ticket.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="paginas/encDinamica/encDinamica_basica_respuesta_persona.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="paginas/encDinamica/encDinamica_basica_respuesta_persona_display.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<appSettings>
<add key="PathLocalSitio" value="E:\data\Projects\mosaq\SAE_CODELCO\SAE_CODELCO\Sitio\"/>
<add key="pathDocsTicket" value="E:\data\Projects\mosaq\SAE_CODELCO\SAE_CODELCO\Sitio\Paginas\Docs\"/>
<add key="pathDocumentos" value="E:\data\Projects\mosaq\SAE_CODELCO\SAE_CODELCO\Sitio\Paginas\Documentos\Archivos\"/>
<add key="Factor Semaforo Verde" value="50"/>
<add key="Factor Semaforo Amarillo" value="75"/>
<add key="Factor Semaforo Naranja" value="100"/>
<add key="Factor Semaforo Rojo" value="150"/>
<add key="Factor Semaforo Morado" value="200"/>
<!-- NOTE(review): "Filtros Upload" lists exe,bat,dll,msi, presumably the extensions rejected on upload.
     If so, a deny list misses other executable and script types; an allow list of the expected file
     types is the safer design. Confirm how the application reads these two keys. -->
<add key="Filtros Upload" value="exe,bat,dll,msi"/>
<add key="Filtros Upload Mail" value="gif,jpg,jpeg"/>
<!-- NOTE(review): the SMTP login and password are stored in clear text in appSettings and were posted
     publicly with the question; treat the credential as exposed and change it. Keep it out of
     web.config, or encrypt the section with ASP.NET protected configuration. -->
<add key="Server_Smtp" value="choclio.mosaq.com"/>
<add key="Server_Smtp_Autenticar" value="1"/>
<add key="Server_Smtp_Login" value="wquiroz"/>
<add key="Server_Smtp_Password" value="rmQgGN34"/>
<add key="from_mail" value="ialvarez#mosaq.com"/>
<add key="DictionaryFolder" value="Paginas\NetSpell\dic"/>
<add key="pathDocsAnalisisIPC" value="E:\data\Projects\mosaq\SAE_CODELCO\SAE_CODELCO\Sitio\documentos\AnalisisIPC\"/>
<add key="pathDocsMailsCRM" value="E:\data\Projects\mosaq\SAE_CODELCO\SAE_CODELCO\Sitio\CRM\AdjuntosMails\"/>
<add key="Mail Supervisor Mesa" value="adminsae#desarrollo_sae.org"/>
<add key="Mail Administrador Contrato" value="adminsae#desarrollo_sae.org"/>
<add key="HostVariable" value="1"/>
<add key="Url_Sitio_Externo" value="http://192.168.4.144/sae_codelco/"/>
<add key="Url_Sitio" value="http://localhost/sae_codelco/"/>
<add key="ipExterna" value="200.27.57.180"/>
<add key="ActiveDirectoryLogon" value="0"/>
<add key="strDomain" value="MOSAQ"/>
<add key="pathLDAP" value="LDAP://mosaq.local.cl/DC=mosaq,dc=local,dc=cl"/>
<add key="PathMapaSitioDisco" value="E:\data\Projects\mosaq\SAE_CODELCO\SAE_CODELCO\Sitio\imagenes\mapas\"/>
<add key="PathMapaSitios" value="../../imagenes/mapas/"/>
<add key="IPReportes" value="200.27.164.74/ReportServer$CODELCO/Pages/ReportViewer.aspx?/reportes_codelco/"/>
<add key="EspecialidadEjecutivosCRM" value="14"/>
<add key="HabilitaGenerica1Ticket" value="0"/>
<add key="Evento Retiro Componente" value="11169"/>
<add key="Evento Entrega Componente" value="11170"/>
<add key="Evento Actualizacion Componente" value="11171"/>
<add key="MisTicketsMuestraTpoRemanenteInferior" value="0"/>
<add key="MisTicketsMuestraTpoRemanenteSuperior" value="0"/>
<add key="MisTicketsMuestraCriticidad" value="0"/>
<add key="Agregar_Solucion_En_Solucion_En_Linea" value="1"/>
<add key="Id_menu_Tickets_Generales" value="132"/>
<add key="Ver_Todas_las_Criticidades" value="1"/>
<add key="Evento_Limpia_Password_Intranet" value="506"/>
<add key="Solucion_Limpia_Password_Intranet" value="128"/>
<add key="Template" value="default"/>
<!-- banca - cobre - default - amsa-->
<add key="RptCalidadVerCumpleSup" value="0"/>
<add key="ObsEsperaClienteTicket" value="0"/>
<add key="idCatGeneralDocs" value="0"/>
<add key="pathCMDBModelos" value="E:\data\Projects\mosaq\SAE_CODELCO\SAE_CODELCO\Sitio\CMDB\"/>
<add key="pathDocsInst" value="E:\data\Projects\mosaq\SAE_CODELCO\SAE_CODELCO\Sitio\Instalaciones_ci\Docs\"/>
<add key="IdCriticidadPersonaNormal" value="1"/>
<add key="BusquedaIniIngresoOT" value="0"/>
<!-- 0.- Usuario / 1.-RUT / 2.-CI -->
<add key="VerResueltosListaPend" value="1"/>
<add key="UrlSitioProyectos" value="http://localhost/sae_codelco/"/>
<add key="CierreOT" value="1"/>
<add key="IPExternoReportes" value="200.27.57.180:8080"/>
<add key="pathDocumentosProyectos" value=""/>
<add key="IngresaNegocioEnOT" value="0"/>
<add key="BloquearModificayELiminaNotas" value="1"/>
<add key="IncluirCodigoenLabelRut" value="0"/>
<add key="MisTicketsMuestraComponentes" value="0"/>
<add key="MisTicketsMuestraRegion" value="1"/>
<add key="encuestaDinamicaBasica" value="0"/>
<add key="encuestaDinamicaAvanzada" value="0"/>
<!--
- AdmiteCreacionPersonas: 0-Deshabilitado para todos
1-Habilitado para los Id's de Empresas especificados en AdmiteCreacionPersonasIdEmpresas.
- AdmiteCreacionPersonasIdEmpresas: ID's DE EMPRESAS SEPARADAS POR ',' SI SE DEJA VACIO O UN CERO SIGNIFICA QUE ESTA HABILITADO PARA TODAS LAS EMPRESAS
-->
<add key="AdmiteCreacionPersonas" value="1"/>
<add key="AdmiteCreacionPersonasIdEmpresas" value=""/>
<add key="IdMedioAtencionTareaAgenda" value="4"/>
<add key="IdEncuestaReclamoTarea" value="2"/>
<add key="IdEncuestaFelicitacionesTarea" value="1"/>
<add key="IdEncuestaReclamoProceso" value="0"/>
<add key="IdEncuestaFelicitacionesProceso" value="0"/>
<add key="ResolverPorEmail" value="0"/>
<add key="idEvtoReposAlta" value="1"/>
<!--ID EVENTO CATALOGO REPOSICION ALTA-MEDIA-->
<add key="idEvtoReposBaja" value="2"/>
<!--ID EVENTO CATALOGO REPOSICION BAJA-->
<add key="EmpresasRecatalogar" value="2,3,4,5"/>
<add key="UtilizaCorrecionFechaComprometida" value="0"/>
<add key="ModCriticidadEnOT" value="1"/>
<add key="UsaReglaFechasAmsa" value="0"/>
<!-- 0.- No / 1.- Si - OJO, SOLO PARA AMSA-->
<add key="AtentoMisTicketsResaltaMasivo" value="1"/>
<!-- 0.- No / 1.- Si -->
<add key="Cliente" value="Atento"/>
<add key="LlamadaRapidaN1N2N3" value="3,10,Consulta"/>
<add key="LlamadaRapidaIDEvento" value="11392"/>
<add key="urlSitioNoticias" value="http://www.saedemo.cl/noticias/default.aspx?rawHsh="/>
<add key="solicIdEstado" value="1"/>
<add key="IdMedioAtencionSolContacto" value="5"/>
<add key="solicIdTipo" value="3"/>
<add key="idGenericoSolicitantePGFensaMademsa" value="1"/>
<add key="IDTGenjunaeb" value="221"/>
<add key="IDTGenmademsa" value="220"/>
<add key="IDTGenfensa" value="219"/>
<!-- New feature: when the company does not provide the person's login, the person has to be looked up by RUT. -->
<!-- NOTE(review): SearchActiveUserName and SearchActiveUserPassword store an account name and its password in clear text in web.config. The values look like a test account ("Prueba" is Spanish for "test"); confirm which account the application really uses. Anyone with read access to this file or to a copy of it can read the password, so keep it out of the file: encrypt the appSettings section with Protected Configuration (aspnet_regiis -pe) or load it from a secret store, and rotate the password if this value was ever live. -->
<add key="SearchByDescriptionInActive" value="0"/>
<add key="SearchActiveUserName" value="Prueba"/>
<add key="SearchActiveUserPassword" value="12345678"/>
<!-- *************************************************-->
<add key="junaeb" value="0"/>
<!-- Solo si es junaeb dejar en 1 -->
<add key="gruposCAS" value="1"/>
<!-- Solo si es cas dejar en 1 -->
<add key="bpm2009" value="0"/>
<add key="url_bpm2009" value="http://ignacio-pc/websaeprocesos2009/paginas/ticket_proceso.aspx"/>
<add key="SaeV2MDB.WSProcesos2009.WsInstansiaProceso" value="http://ignacio-pc/WSSAEProcesos2009/WsInstansiaProceso.asmx"/>
<add key="urlReporteContratosPagos" value="http://192.168.4.73/ReportServer$CODELCO/Pages/ReportViewer.aspx?%2freportes_codelco%2fEstado_de_pago"/>
<add key="url_rfc" value="http://localhost/sae_codelco_rfc/default.aspx"/>
<add key="IdMedioAtencionDefectoOT" value="2"/>
<add key="IdTipoCatalogoDefectoOT" value="1"/>
</appSettings>
<!-- IIS 7+ settings for this application: one validation switch and one handler mapping. -->
<system.webServer>
<!-- validateIntegratedModeConfiguration="false" switches off the IIS check that reports system.web settings which have no effect in Integrated pipeline mode (httpModules, httpHandlers, identity impersonate). NOTE(review): with the check off, a module that is registered only under system.web/httpModules is skipped in Integrated mode without any error; if authentication or authorization depends on such a module, confirm it is also registered under system.webServer/modules. -->
<validation validateIntegratedModeConfiguration="false"/>
<handlers>
<!-- Routes GET and POST requests for ajax/*.ashx to Ajax.PageHandlerFactory from the Ajax assembly. The preCondition restricts this entry to application pools that run in Integrated pipeline mode on the .NET 2.0 runtime; in a pool with a different mode or runtime version the entry is ignored. -->
<add name="ajax/*.ashx_POST,GET" path="ajax/*.ashx" verb="POST,GET" type="Ajax.PageHandlerFactory, Ajax" preCondition="integratedMode,runtimeVersionv2.0"/>
</handlers>
</system.webServer>
</configuration>
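I had to remove the preCondition attribute from the handler entry in web.config (with it, the entry only applies to an application pool running in Integrated mode on the .NET 2.0 runtime). Now it works again.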
Set the managed pipeline mode for the app pool it runs under to 'Classic'